Subscription-based services, such as television, telephone, and Internet access, utilize various types of servers to perform Authentication, Authorization, and Accounting (AAA) for subscribed users. One popular protocol for supporting AAA functionality is Remote Authentication Dial-In User Service (RADIUS). As technology adoption increases, RADIUS and other authentication servers are relied on to authenticate increasing numbers of devices at individual customer premises for an expanding variety of services. In operation, the RADIUS protocol uses a UDP (User Datagram Protocol) with a transport layer and conforms to a request/response scheme based on a client-server structure.
Service Providers use Radius Servers for performing authentication, authorization and accounting functionality. The authentication phase typically involves validating the username/password or the Agent-Circuit-Id or Media Access Control (MAC) address received in the Access-Request message. Even in case of the Point-to-Point Protocol (PPP) deployment model, a Radius Server uses the same set of attributes for authenticating subscribers. The Attribute Value Pair (AVP) values received in an Access Request could be populated by various network elements based on the path traversed by the IP packets from a subscriber location to the RADIUS Server. It is possible that not all of these network elements are under the control of the service provider. Some of the network elements could be subcontracted, leased, etc.
Since service providers have different deployment models for delivering triple play services (voice, video, data), it would be highly desirable to provide a flexible system for authenticating subscribers based on the priority of an Authentication attribute.